Mac OS X Tiger to support Fast Logout, Access Control Lists

According to sources privy to pre-release builds of Apple's Mac OS X 10.4 "Tiger" operating system, the release will feature "Fast Logout and Autosave" technology and support for Access Control Lists file-based permissions, AppleInsider has learned.

Fast Logout and Autosave

Fast logout and autosave is a performance-related feature designed to improve the user experience of Mac OS X Tiger.

Presently, closing windows in Mac OS X an expensive operation, especially if the application must prompt the user about unsaved changes for each document window. Tiger's fast logout and autosave feature will improve logout, shutdown, and restart operations by reducing the number of confirmation dialogs presented to the user, all the while protecting the user's unsaved data in open applications.

During a logout, shutdown, or restart operation, Tiger will determine whether an application should post a confirmation dialog for unsaved changes or perform an auto-save event. If the application performs an auto-save event, data will be saved to a special location on the system and the user will be logged out of Mac OS X. The next time the user logs in, the system relaunches each application with auto-saved documents and reconstructs the documents as their state immediately before the last logout.

According to sources, most of the applications that will ship with Tiger will already support Fast Logout and Autosave. On the other hand, third party developers will need to update their applications to gain the benefits of the new feature.

Access Control Lists

Tiger will also introduce support for Access Control Lists (ACLs)a robust system for implementing file-based permissions that offer many improvements over the existing BSD permissions currently used by the Mac OS X file systems.

Among the improvements delivered by ACL's is support for ownership of files and directories by a group, enhanced interoperability with Samba and Windows, and support for multiple owners of a file or directory, each with potentially different permissions.

Additionally, ACL's will add support for static inheritance of file permissions from a parent directory and provide more control over a file than just read/write/execute permissions.
ACLs are a common feature of enterprise computing because they provide flexible and highly configurable rights management for servers. The technology also removes many of the limitations of the existing BSD permissions by allowing access to files and directories by multiple groups and users. In addition, it lets the system administrator grant specific rights to each user and group without requiring the creation of special new groups.

Originally posted by MPMoriartySo ACL are better than Mac OS X's current file permission system?

Yes, absolutely. ACLs allow for much more permissions customization than is possible with the current system. For example, an ACL can allow a file to be owned by more than one group - something not possible with the current system.

Hurrah for ACLs. I hope this is evidence of a serious effort on Apple's part to create a server and client OS that can funtion in most small to mid-sized businesses. For the most part, they are there already. ACLs were big on my list as the current permissions were too restrictive. Now, make mounting of shares easier (more intuitive) and we've got a winner on the OS side.

It is funny, I read that 2003 Small Business Server is a huge hit. Personally, I think it is horrible (although I find 2003 Server a fine OS). Apple has all the right parts; with a little polish it could compete very well with SBS2003.

I guess I'm still smarting over my company's decision to ditching Panther Server/ OS X in favor of SBS2003/ XP...

Originally posted by AppleInsiderACL's will add support for static inheritance of file permissions from a parent directory and provide more control over a file than just read/write/execute permissions.

Sounds like that inheritance can work like a per-directory umask, probably obviating the need for the seriously limited global umask. Cool.

What I'd really like is an automatic way to ensure consistent file permissions when installing software. Too many third party apps are installed with world writable directories, as running "find /Applications -type d -mode 777 -ls" will reveal.

Originally posted by wrldwzrd89Don't you think Apple should have put ACL support in Panther, then, if ACLs were available from *BSD?

Well, yes and no. As far as I can tell, ACLs are part of FreeBSD since version 5.0, which was released in January 2003. (The current version is 5.2.1)

It wasn't a newest thing under the sun at that time, but the FreeBSD implementation was quite fresh and Apple was left with about half a years time to copy it to Darwin. Which is not much. A safer and better strategy is to wait and see how the FreeBSD implementation lives up, wait for one or two versions before the bugs get ironed out and then introduce it into Darwin. And leave ample time for testing and debugging, since an error in the file permissions implementation could be very fatal.

The question is why didn't they put ACLs in one of the incremental updates like 10.3.5. First of all, I am not sure if/how many apps the ACL will or will not break (probably just some disk maintenance apps), second, I guess they like to keep all the aces for paid upgrades.